Author: HackWatchit

Data breaches are rising across industries, hitting healthcare, finance, and retail especially hard. The damage goes beyond lost data, as it’s financial, operational, and reputational. A recent report conducted by the Ponemon Institute found that third-party data breaches have severe consequences across critical sectors, with data theft and loss posing the greatest risk. Each industry faces different costs and risks. Understanding these differences helps organizations prepare. Hospitals may face regulatory fines and a loss of patient trust. Banks risk customer attrition and increased scrutiny from regulators. “Regulatory fines and penalties for disclosing patient information, along with large settlements tied to…

The Medusa ransomware-as-a-service (RaaS) claims to have compromised the computer systems of NASCAR, the United States’ National Association for Stock Car Auto Racing, and made off with more than 1TB of data.In a posting on its dark web leak site, Medusa has demanded a US $4 million ransom be paid for the deletion of NASCAR’s data.At the top of the page, Medusa has placed a countdown timer – whereafter it threatens to make the data stolen from NASCAR available to anybody on the internet. The countdown deadline can be extended at a cost of US $100,000 per day.In an attempt…

Hackers exploit Fortinet flaws to plant stealth backdoors on FortiGate devices, maintaining access even after patches. Update to secure versions now. Cybersecurity researchers at Fortinet have recently alerted customers about a new method used by cyber attackers to maintain access to FortiGate devices. The attackers exploited known vulnerabilities, such as FG-IR-22-398, FG-IR-23-097, and FG-IR-24-015, to gain entry and then left behind a backdoor for continued, read-only access even after systems were patched. The method begins with attackers taking advantage of vulnerabilities that many devices had not yet fixed. Once inside, they created a symbolic link that connects the user filesystem…

Tirreno is an open-source fraud prevention platform designed as a universal analytics tool to monitor online platforms, web applications, SaaS products, digital communities, mobile apps, intranets, and e-commerce websites. “Our aim is to liberate online fraud protection technologies, making them widely available for organizations of any size. Tirreno is designed to be as easy to set up as typical website analytics tools. Unlike most cyberfraud prevention services, Tirreno is not solely focused on transactions or e-commerce. Instead, it can provide protection for any user-facing web application,” Olga Degros, the project’s founder, told Help Net Security. Tirreno features Tirreno offers tailored…

Originally aired on October 21, 2020. The post Talkin’ About Infosec News – 10/21/2020 appeared first on Black Hills Information Security, Inc..

In today’s digital age, personal and professional data are constantly being stored, transferred, and backed up across various devices. Among these devices, hard drives and smartphones often contain an immense amount of sensitive information—data that, if left unprotected or improperly discarded, can pose significant cybersecurity threats. As people upgrade their technology, it’s easy to forget that the devices they no longer use still contain vast amounts of data. Whether you’re clearing out old hard drives, passing along smartphones, or simply discarding outdated technology, you might be unknowingly opening the door to a host of cybersecurity risks. Let’s dive into why…

The following is a guest post and opinion from Ahmad Shadid, Founder of O.xyz.Under the flimsy pretext of efficiency, the Department of Government Efficiency (DOGE) is gutting its workforce. An independent report suggests that DOGE has slashed around 222,000 job cuts in March alone. The cuts are hitting hardest in areas where the U.S. can least afford to fall behind — artificial intelligence and semiconductor development.Now the bigger question is beyond gutting the workforce – it is that Musk’s  Department of Government Efficiency is using artificial intelligence to snoop through federal employees’ communications, hunting for any whiff of disloyalty. It…

South African telecom provider Cell C disclosed a data breach following a cyberattack Pierluigi Paganini April 14, 2025 Cell C, one of the biggest telecom providers in South Africa confirms a data breach following a 2024 cyberattack. Cell C is the fourth-largest mobile network operator in South Africa, ,after Vodacom, MTN, and Telkom. The company founded in 2001 offers prepaid and postpaid mobile plans, data bundles and internet services, fiber broadband, roaming and international calling, SIM-only plans and device deals. Cell C has confirmed a data breach following a RansomHouse cyberattack that occurred last year. The ransomware group has since…

Why does Machine Identity Management matter for Secure Innovation? Understanding Non-Human Identities (NHIs) Do you know the vast number of operations carried out on the cloud today are managed by non-human entities? That’s right. Non-Human Identities or NHIs make up the majority of individuals making calls to your servers, databases, APIs, and other sensitive resources. These NHIs are machine identities – automated processes, applications, or devices – that are integral for the day-to-day running of cloud-based operations. NHIs are created by combining a “Secret” – an encrypted password, token, or key – with the permissions granted to that secret by…